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DETAILED ACTION 

Claims 1-45 liave been full reexamined and are pending. 

Response to Amendment 

Examiner acknowledges the amendment to the abstract and withdraws 
the previous objection. As per claim 29,-the amendment has-rectified the 35 
use §112 rejection. 

Response to Arguments 

Applicant's arguments with respect to claims 1-45 have been considered 
but are moot in view of the new ground(s) of rejection. 



Claim Rejections • 35 USC ' 103 

The text of those sections of Title 35, U.S. Code not included in this action 
can be found in a prior Office action. 
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Claims 1-4. 8-16, 25-29, 31, 36-40, and 44 are rejected under 35 
U.S.C. 1 03(b) as being unpatentable by Vollert et al, hereinafter Vollert (USP 
5,208,858) in view of Ganesan (USP 5,535,276). 

As per claim 1 , 25, and 36, Vollert teaches a method of signing and 
authenticating electronic documents comprising securely storing a plurality of 
private keys associated with a plurality of users in a private key database on a 
local-computer cluster (col. 3, lines 33^40); - - 

receiving at the local computer cluster a signing request transmitted from 
a first remote computer by a first user (col. 2, lines 3-60; identifying the signing 
request as one transmitted by the first user (col. 2, lines 65-68), and identifying a 
signature ready document to be signed (col. 2, lines 5); 

retrieving at the local computer cluster the signature ready document to be 
signed (col. 2, lines 8-10); 

signing the signature ready document on the local computer cluster using 
a complete private key to produce a signed document (col. 2, line 8). 

Vollert does not use of a pre-installed add-in software program configure 
to provide a signed message at the remote computer; therefore the newly added 
negative limitation is met. 

Vollert is silent in expressly disclosing storing private key portions and 
retrieving at the local computer cluster a private key portion associated with the 
first user from the private key database generating a complete private key using 
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the retrieved private key portion if the retrieved private key portion is not a 
complete private key. 

Ganesan teaches: 

securely storing a plurality of private key portions associated with a 
plurality of users in a private key database on a local computer cluster (column 8, 
lines 1 1 -43 and column); 

retrieving at the local computer cluster a private key portion associated 
with the first user (column 11, lines 29-31 ) from the private key database 
generating a complete private key using the retrieved private key portion if the 
retrieved private key portion is not a complete private key (column 12, lines 45- 
53). Ganesan teaches that it is advantageous for a trusted third party to maintain 
one portion of every user's RSA private key (column 3, lines 17-25). This forces 
the user to interact with a trusted third party, which provides practical advantages 
such as instant revocation. 

In view of this, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to employ the teaching of Ganesan within the 
system of Vollert because interacting with a trusted third party by allowing it to do 
the signing improves the overall security of the system to all parties involved. 
One skilled in the art would have been motivated to generate the claimed 
invention with a reasonable expectation of success. 

As per claim 2, Vollert teaches the private key portion is a complete 
private key (col. 3, line 35). 
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As per claim 3, Vollert teaches receiving signing identification credentials 
from the first user (col. 2, line 63 — col. 3, line 14). Vollert fails to teach 
constructing a complete private key using the private key portion and the 
received signing identification credentials. Ganesan teaches constructing a 
complete private key using the private key portion and the received signing 
identification credentials (column 12, lines 45-65 and column 14, lines 10-40). 
The examiner supplies to same rationale for the motivation to incorporate the 
teachings of Ganesan within the system of Vollert as recited in-the rejection of 
claim 1 . Vollert teaches sending identification credentials to the server. 
Furthermore, it would have been obvious to one of ordinary skill in the art to 
generate the server side of the private key with identifying credentials because it 
associates the key with the intended user. 

As per claim 4, Vollert is silent in disclosing transmitting over the Internet. 
Vollert does teach a system communicating over a network (col. 1 , lines 54-56). 
In view of this it would have been obvious to one of ordinary skill in the art at the 
time of the invention to modify the teachings of Vollert to include communication 
over the Internet because the Internet is a huge network. 

As per claims 8, 26, and 37, Vollert teaches storing the signature ready 
document in a first document database (col. 2, lines 40-44). 
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As per claims 9 and 31 , Vollert teaches prior to signing: receiving form 
data from the first remote computer; and modifying the retrieved signature ready 
document based on the received form data (col. 2, lines 10-11). 

As per claims 10 and 27, Vollert teaches the first document database is 
located on the local cluster (col. 3, line 17). 

As per claim 11 , Vollert teaches the first document database is located on 
a secure second remote computer for redundancy (col. 3, lines 16-18). 

As per claims 12, 28, and 38, Vollert teaches storing the signed document 
in a second document database (col. 2, lines 15-16). 

As per claims 13 and 29, Vollert teaches the second database is located 
on a secure second computer remote computer (coL 5, lines 1-5). 

As per claim 14, Vollert teaches the second database is located on the 
local computer cluster (col. 5, lines 1-5). 

As per claims 15 and 39, Vollert teaches associating at least one of the 
signature ready document and the signed document with a document owner (col. 
2, lines 10-13). 
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As per claims 16 and 40, Vollert teaches notifying at least one of 
document owner and the first user that a signature ready document or a signed 
document has been signed (col. 2, line 14). 

As per claim 44, Vollert teaches the first user is a registered user (col. 2, 
lines 9-10, 66-68, and col. 3, lines 12-13). 



Claims 5-7,17-21, 23, 30, 32-35, 41, 42, 43, and 45 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Vollert and Ganesan as applied to 
claims 1 and 17 above, and further in view of Smithies et al (5,544,255). 

As per claims 5, 7, 32, Vollert is silent in expressly teaching the use of 
web browser and hypertext markup languages to send signing request. Smithies 
teach a commerce system that utilizes the WWW to securely transmit documents 
with Web browsers using HTML (see col. 41, line 64— col. 43, line 10). The 
infrastructure on which Smithies bases his system in well known in the art, i.e. 
the WWW. In view of this it would have been obvious to one of ordinary skill in 
the art at the time of the invention to employ the teachings of Smithies within the 
system of Vollert and Ganesan because the Internet is network connecting the 
world and the main language of communicating is HTML for Web services. 
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As per claims 6 and 33, Vollert teaches the retrieving at the local computer 
cluster the signature ready document is automatic (col. 2, lines 5-10). 

As per claims 17, 18, 41, and 42, Vollert teaches registering individuals as 
users, wherein registering includes: verifying and recording the identity of 
individuals registering including biometric measurements (col. 2, lines 9-10, se- 
es, and coL 3, lines 12-13). 

Vollert fails to teach associating passwords with the recorded digitized 
handwritten signatures and the recorded identities; and storing the recorded 
digitized handwritten signatures, and the recorded identities in an identity 
database, the identity database being accessible to the local computer cluster. 
Smithies et al teach digitizing and recording handwritten signatures of individuals 
registering (column 3, line 35— column 4, lines 58); associating passwords with 
the recorded digitized handwritten signatures and the recorded identities (column 
17, lines 14-21); and storing the recorded digitized handwritten signatures, and 
the recorded identities in an identity database, the identity database being 
accessible to the local computer cluster (column 5, lines 5-12). The combined 
teachings of Vollert and Ganesan rely on a trusted server to perform the 
authentication process to allow access to a resource such as a document. 
Ganesan teaches authenticating a user to a trusted server (column 8, lines 33- 
34). Smithies et al teach a method whereby a user can authenticate himself or 
herself to a remote computer system, thereby allowing access to a particular 
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electronic docunnent (column 6, lines 29-44). Smithies et a! teach a signature 
can be transmitted to a remote site for verification before allowing access to a 
computer system and that the computer system can verify a handwritten 
signature. Therefore, a handwritten signature is a way in which a computer 
system can grant authentication to a user who has registered. 

In view of this, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to employ the teaching of Smithies et al 
- - - within the combined system of Vollert and Ganesan because the use of digitar - - 
handwritten signatures or any blometric measurement Is a way that a trusted 
server can viably authenticate a user. One skilled in the art would have been 
motivated to generate the claimed invention with a reasonable expectation of 
success. 

As per claims 19 and 43, the Vollert teaches the blometric measurements 
can determine whether individuals have previously registered. This is an obvious 
conclusion to using blometric Identification to identify a user as taught In col. 3, 
lines 12-14). 

As per claims 20, Vollert teaches the first user is a registered user (col. 2, 
lines 9-10, 66-68, and col. 3, lines 12-13). 

As per claims 21 and 45, Vollert teaches appending a signature to a 
document but does not teach a digitized handwritten signature. Smithies et al 
teach appending the first user's digitized signature to the signature ready 
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document; making a hash of the signature ready document; and encrypting the 
hash of the signature read), document with the first user's private key (column 
20, lines 23-64 and column 13, lines 36-56). The examiner supplies the same 
rationale for the motivation as recited in the rejection of claim 17 to incorporate 
the use of a digitized signature as means to authenticate. Smithies et al teach 
hashing the signature and encrypting the hash with the user's key to further 
insure that the signed document cannot be altered or duplicated. Therefore, it 
would be advantageous to take these extra steps to insure the validity of a 
signed document. 

In view of this, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to employ the teaching of Smithies et al 
within the combined system of Vollert and Ganesan because one would want to 
protect a signed document from being altered or duplicated. One skilled in the 
art would have been motivated to generate the claimed invention with a 
reasonable expectation of success. 

As per claim 23, Vollert teaches receiving signing identification credentials 
from the first user (col. 2, lines 65-68). Vollert fails to teach generating the 
private key portions for individuals registering, wherein the private key portions 
can be used with signing identification credentials to construct complete private 
keys; associating the generated private key portions with the recorded identities 
of individuals registering storing private key portions in a private key database. 
Ganesan teaches generating the private key portions for individuals registering. 
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wherein the private key portions can be used with signing identification 
credentials to construct complete private keys (column 12, lines 45-65 and 
column 14, lines 10-40); associating the generated private key portions with the 
recorded identities of individuals registering (column 14, lines 10-40); and storing 
private key portions in a private key database (column 8, lines 1 1-43 and 
column). The examiner supplies to same rationale for the motivation to 
incorporate the teachings of Ganesan within the system of Vollert as recited in 

the rejection of claim 1 . Vollert teaches sending identification credentials to the 

server. Furthermore, it would have been obvious to one of ordinary skill in the art 
to generate the server side of the private key with identifying credentials because 
it associates the key with the intended user. 

As per claim 30, Vollert teaches the local computer cluster further 
comprises a second memory device having stored thereon an identity database 
(col. 3, lines 15-25), the identity database including recorded user identities 
associated with signatures but is silent in disclosing user digitized handwritten 
signatures and passwords associated with the user identities. Smithies et al 
teach the identity database includes user digitized handwritten signatures and 
passwords associated with the user identities (column 17, lines 14-20). Smithies 
et al use this teaching in order to organize its users and their respective 
identifying information so that the system can correctly link and identify a user 
with his/her data as a way to authenticate. Vollert stores the signed documents 
in a database with some identifying information but not to the extent that Smithies 
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et al teach. It would be advantageous to the system of Vollert to provide a more 
secure means to authenticate a person before the system allows a user to view a 
signed document. Smithies et al teachings provide such a means. 

In view of this, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to employ the teaching of Smithies within the 
combined system of Vollert and Ganesan because it would allow the system to 
have a more secure method of authentication. One skilled in the art would have 
been motivated to generate the claimed invention with a reasonable expectation 
of success. 

As per claim 34, Vollert teaches a registration computer connected to the 
local computer cluster (col. 2, lines 66-68). 

As per claim 35 Vollert teaches registering individuals as users, wherein 
registering includes: verifying and recording the identity of individuals registering 
(col. 2, lines 9-10, 66-68, and col. 3, lines 12-13). Vollert fails to teach digitizing 
and recording handwritten signatures (which is an example of a biometric 
measurement) of individuals registering; associating passwords with the 
recorded digitized handwritten signatures and the recorded identities; and storing 
the recorded digitized handwritten signatures, and the recorded identities in an 
identity database, the identity database being accessible to the local computer 
cluster. Smithies et al teach digitizing and recording handwritten signatures of 
individuals registering (column 3, line 35 — column 4, lines 58); associating 
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passwords with the recorded digitized handwritten signatures and the recorded 
identities (column 17, lines 14-21); and storing the recorded digitized handwritten 
signatures, and the recorded identities in an identity database, the identity 
database being accessible to the local computer cluster (column 5, lines 5-12). 
The combined teachings of Vollert and Ganesan rely on a trusted server to 
perform the authentication process to allow access to a resource such as a 
document. Ganesan teaches authenticating a user to a trusted server (column 8, 
lines 33-34). Smithies et al teach a method whereby a user can authenticate 
himself or herself to a remote computer system, thereby allowing access to a 
particular electronic document (column 6, lines 29-44). Smithies et al teach a 
signature can be transmitted to a remote site for verification before allowing 
access to a computer system and that the computer system can verify a 
handwritten signature. Therefore, a handwritten signature is a way in which a 
computer system can grant authentication to a user who has registered. 

In view of this, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to employ the teaching of Smithies et al 
within the combined system of Vollert and Ganesan because digital handwritten 
signature are a way that a trusted server can viably authenticate a user. One 
skilled in the art would have been motivated to generate the claimed invention 
with a reasonable expectation of success. 
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Claims 24 is rejected under 35 U.S.C. 103(b) as being unpatentable by 
Vollert in view of Smithies. 

As per claim 24, Vollert teaches transmitting user identification information 
and document identification information to the local computer cluster (col. 2, lines 
65-66 and col. 2, lines 5-6); transmitting a signing request to the local computer 
cluster from the remote computer independent of both a private key portion and a 
public key portion, the signing request requesting the local computer-cluster to 
retrieve the identified document from a second remote computer (col. 2, lines 1- 
5), obtaining a private encryption key associated with the user from a third 
computer (col. 2, line 10), and to sign the retrieved document using the obtained 
private key on a fourth computer, wherein the first, second, third, fourth remote 
computers can be the same or different computers (col. 2, lines 15-20). 
Examiner notes that any number of computers and division of duty anticipates 
the computers disclosed in this claim. 

Vollert is silent in disclosing running a browser on the first remote 
computer and using the browser to connect. Smithies teach a commerce system 
that utilizes the WWW to securely transmit documents with Web browsers using 
HTML (see col. 41, line 64— col. 43, line 10). The infrastructure on which 
Smithies bases his system in well known in the art, i.e. the WWW. In view of this 
it would have been obvious to one of ordinary skill in the art at the time of the 
invention to employ the teachings of Smithies within the system of Vollert and 
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Ganesan because the Internet is network connecting the world and the main 
language of communicating is HTML for Web services. 



Claim 22 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Vollert, Ganesan, Smithies as applied to claims 1 and 17 above, and further in 
view of Shin (USP 6,351 ,634 B1 ). 

As per claim 22, Vollert is-sllent in disclosing: 

associating and storing a secret set of recognition graphics with the 
passwords in the identity database; 

displaying a plurality of recognition graphics, including recognition 
graphics from the secret set, on the first remote computer; 

requesting the first user to select graphics included in the secret set using 
a non-keyboard selecting device attached to the first remote computer; 

receiving a message from the first remote computer identifying the 
selected graphics; 

authorizing access to the local computer cluster if the selected graphics 
are included in the secret set. 

Shin discloses: 

associating and storing a secret set of recognition graphics with the 
passwords in the identity database (column 1 , line 60— column 3, line 21); 
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displaying a plurality of recognition graphics, including recognition 
graphics fronn the secret set, on the first remote computer (column 1 , line 60— 
column 3, line 21); 

requesting the first user to select graphics included in the secret set using 
a non-keyboard selecting device attached to the first remote computer (column 1, 
line 60— column 3, line 21 ); 

receiving a message from the first remote computer identifying the 
selected graphics (column 1, line 60— column 3Jine 21); 

authorizing access to the local computer cluster if the selected graphics 
are included in the secret set (column 1, line 60— column 3, line 21). 
Shin teaches that his method of authentication is better than methods using just 
keypad data entries. He suggests it is harder for someone to gain knowledge of 
a secret symbol than gaining knowledge of keypad alphanumeric passwords. 
Therefore, it would be advantageous to the overall security of the system is 
authentication was assisted by determining secret symbols as opposed to just 
alphanumeric passwords. 

In view of this, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to employ the teaching of Shin within the 
combined system of Vollert and Ganesan and Smithies et al because it would 
allow the system to have a more secure method of authentication. One skilled in 
the art would have been motivated to generate the claimed invention with a 
reasonable expectation of success. 
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Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. 
See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. -In the event a first reply^ 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1 .136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Michael R Vaughan whose telephone number 
is 703-305-0354. The examiner can normally be reached on M-F 7:30-4:00. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax 
phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 

Michael R Vaughan 

Examiner 

Art Unit 2131 
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